TLS: Allow tls-min-version=1.3 configuration

Bounds limiting was restricting configuration to <1.2 since those are
the currently available TLS versions. But 1.3 is upcoming and may be
used within the lifetime of this Squid version.

 Detected by Coverity Scan. Issue 1311636

diff --git a/src/security/PeerOptions.cc b/src/security/PeerOptions.cc
index da19b0177fc78bd88ddef1113c0f1b29b69eeb7c..26b8e74d049e0c1c4b3df81ea9b07f07eeb4ced8 100644 (file)
--- a/src/security/PeerOptions.cc
+++ b/src/security/PeerOptions.cc
@@ -122,9 +122,9 @@ Security::PeerOptions::updateTlsVersionLimits()
     if (!tlsMinVersion.isEmpty()) {
         ::Parser::Tokenizer tok(tlsMinVersion);
         int64_t v = 0;
-        if (tok.skip('1') && tok.skip('.') && tok.int64(v, 10, false, 1) && v <= 2) {
+        if (tok.skip('1') && tok.skip('.') && tok.int64(v, 10, false, 1) && v <= 3) {
             // only account for TLS here - SSL versions are handled by options= parameter
-            // avoid affectign options= parameter in cachemgr config report
+            // avoid affecting options= parameter in cachemgr config report
 #if SSL_OP_NO_TLSv1
             if (v > 0)
                 parsedOptions |= SSL_OP_NO_TLSv1;